
A new attack technique called “whoAMI” puts Amazon Web Services (AWS) users at risk by exploiting name confusion in Amazon Machine Images (AMIs). It lets an attacker gain code execution inside a victim’s AWS account by tricking deployment automation into launching an attacker-controlled AMI instead of the intended one.
How the whoAMI Attack Works
The whoAMI attack, disclosed by Datadog Security Labs researcher Seth Art, takes advantage of software that searches for AMIs by name without pinning the image owner. An AMI is the virtual machine image from which Elastic Compute Cloud (EC2) instances are launched. Because anyone with an AWS account can publish an AMI to the public Community AMI catalog, an attacker can publish a malicious image whose name matches what a victim’s automation searches for and hijack that victim’s deployments.
According to Datadog’s report, the weakness lies in how some systems retrieve AMI IDs using the ec2:DescribeImages API. If the call does not specify an owner, it returns every image, including public images from any account, that matches the given name filter. This lets an attacker publish a malicious AMI whose name is identical to, or matches the same wildcard as, a trusted one.
For the attack to succeed, three conditions must be met:
The AMI search is conducted using only the name filter.
None of the owner, owner-alias, or owner-id parameters is specified.
The most recent matching image is selected automatically (most_recent=true).
If these conditions are met, the attacker only has to publish an image that matches the name filter and has a newer creation date than the legitimate one: the search will return it, and the victim’s automation will launch it. Because the attacker controls the entire contents of that image, every instance booted from it runs code of the attacker’s choosing inside the victim’s account, which amounts to remote code execution (RCE) on that workload, with whatever IAM role and network access the instance was given.
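The following Python model illustrates why the three conditions above are sufficient and why pinning the owner closes the hole. It is an added example, not code from Datadog’s report or from AWS: the image records are constructed inline to mirror the fields that ec2:DescribeImages returns (ImageId, Name, OwnerId, CreationDate), the account IDs and image IDs are placeholders, and the functions stand in for the real API call so the script runs offline.

```python
"""Why a name-only AMI lookup can be hijacked and why pinning the owner fixes
it. Added illustration, not code from Datadog's report or from AWS. The image
records are constructed to mirror the fields that ec2:DescribeImages returns
(ImageId, Name, OwnerId, CreationDate); account IDs and image IDs are
placeholders. Runs offline, no AWS credentials needed."""
from datetime import datetime
from fnmatch import fnmatchcase

TRUSTED_OWNER = "111111111111"   # placeholder: the publisher you mean to use
ATTACKER_OWNER = "999999999999"  # placeholder: any other AWS account

# Constructed catalog: the legitimate image plus a public attacker image whose
# Name matches the same wildcard but carries a newer CreationDate.
CATALOG = [
    {"ImageId": "ami-11111111111111111", "OwnerId": TRUSTED_OWNER,
     "Name": "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20240801",
     "CreationDate": "2024-08-01T00:00:00.000Z"},
    {"ImageId": "ami-99999999999999999", "OwnerId": ATTACKER_OWNER,
     "Name": "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20250101",
     "CreationDate": "2025-01-01T00:00:00.000Z"},
]

NAME_PATTERN = "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-*"


def describe_images(catalog, name_pattern, owners=None):
    """Model of ec2:DescribeImages called with a single name filter
    (Filters=[{"Name": "name", "Values": [name_pattern]}]) and an optional
    Owners list. With no Owners, every public image whose Name matches is a
    candidate, including images anyone uploaded to the community catalog."""
    hits = [img for img in catalog if fnmatchcase(img["Name"], name_pattern)]
    if owners is not None:
        hits = [img for img in hits if img["OwnerId"] in owners]
    return hits


def most_recent(images):
    """The most_recent=true step: pick the newest CreationDate, so whoever
    published the newest matching image wins the selection."""
    if not images:
        return None
    return max(images, key=lambda img: datetime.strptime(
        img["CreationDate"], "%Y-%m-%dT%H:%M:%S.%fZ"))


def vulnerable_lookup(catalog=CATALOG):
    """All three whoAMI preconditions: name filter only, no owner, newest wins."""
    return most_recent(describe_images(catalog, NAME_PATTERN))


def hardened_lookup(catalog=CATALOG, owners=(TRUSTED_OWNER,)):
    """Same query restricted to the owners you trust. The attacker's image is
    never a candidate, and an empty result (None) should fail the deployment
    rather than trigger a fallback to a looser search."""
    return most_recent(describe_images(catalog, NAME_PATTERN, owners=list(owners)))


# With boto3 the hardened call has the same shape:
#   ec2.describe_images(Owners=[TRUSTED_OWNER],
#                       Filters=[{"Name": "name", "Values": [NAME_PATTERN]}])

if __name__ == "__main__":
    print("name-only lookup chose  :", vulnerable_lookup()["ImageId"])
    print("owner-pinned lookup chose:", hardened_lookup()["ImageId"])
```

Run as a script, the name-only lookup returns the attacker’s placeholder image because it is the newest match, while the owner-pinned lookup returns the trusted one. Note the failure mode in hardened_lookup: when no image from the trusted owner matches, the right behaviour is to stop, not to widen the search.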
whoAMI & Dependency Confusion Attack
The whoAMI attack is the cloud-infrastructure counterpart of dependency confusion, in which a build installs a malicious package instead of the legitimate one because the package is resolved by name alone. Here the resource resolved by name is a virtual machine image rather than a Python or npm package, and the missing check is the same: nothing verifies who published it before it is selected.
Real-World Impact of the whoAMI Attack
Datadog’s analysis found that around 1% of organizations they monitor were vulnerable to the whoAMI attack. Their research also uncovered public examples of affected code in multiple programming languages, including Python, Go, Java, Terraform, Pulumi, and Bash shell scripts.
While there is no evidence that this attack has been exploited in real-world cyberattacks, it presents a significant security risk. AWS investigated the issue and confirmed that only authorized security researchers had tested the technique. However, they advised customers to review their AMI retrieval processes to prevent potential exploitation.

Amazon’s Response
Following Datadog’s responsible disclosure on September 16, 2024, Amazon addressed the issue within three days. AWS reassured users that all services were functioning as expected and that they found no signs of abuse beyond the security researchers’ tests.
To enhance security, AWS introduced Allowed AMIs, a new account-wide setting launched in December 2024. This feature enables customers to limit the discovery and use of AMIs within their AWS accounts, reducing the risk of falling victim to name confusion attacks.
AWS recommends that users enable this control and ensure that their API calls specify the AMI owner when retrieving images. Separately, HashiCorp’s Terraform AWS provider began issuing a warning in version 5.77.0 when an aws_ami data source sets most_recent=true without an owner filter; that warning is scheduled to become an error in version 6.0.0 so that the insecure configuration cannot be applied.
Protect Your AWS Account from whoAMI Attacks
To mitigate the risk of the whoAMI attack, AWS users should follow these best practices:
Always specify the AMI owner when using the ec2:DescribeImages API.
Enable Allowed AMIs to restrict AMI usage within your AWS account.
Review infrastructure-as-code scripts, including Terraform, to ensure they do not rely on vulnerable search patterns.
Monitor CloudTrail for instance launches (RunInstances) that reference image IDs you do not recognize, and for AMI lookups made without an owner constraint.
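The Terraform review in the list above can be partly automated. The scanner below is an added example, not part of Datadog’s research or of HashiCorp’s provider: it walks the text of a Terraform file, finds each aws_ami data source, and flags any block that lacks an owner constraint, rating it high when most_recent = true is also set (all three preconditions present). It is a regex and brace-matching scanner over HCL text rather than a full HCL parser, so braces inside strings or comments can confuse it; treat hits as leads for review. The sample HCL is constructed for this example.

```python
"""Flag Terraform aws_ami data sources that match the whoAMI pattern.
Added example, not part of Datadog's research or HashiCorp's provider.
A regex/brace scanner over HCL text, not a full HCL parser: braces inside
strings or comments can mislead it, so treat results as review leads."""
import re

AMI_BLOCK_RE = re.compile(r'data\s+"aws_ami"\s+"([\w-]+)"\s*\{')


def ami_blocks(hcl):
    """Yield (label, body) for every data "aws_ami" block, walking braces so
    that nested filter { ... } blocks stay inside the body."""
    for m in AMI_BLOCK_RE.finditer(hcl):
        depth, i = 1, m.end()
        while i < len(hcl) and depth:
            depth += {"{": 1, "}": -1}.get(hcl[i], 0)
            i += 1
        yield m.group(1), hcl[m.end():i - 1]


def owners_specified(body):
    """True if the block pins an owner: owners = <anything but an empty list>,
    or a filter on owner-id / owner-alias."""
    m = re.search(r'\bowners\s*=\s*(.+)', body)
    if m and not re.fullmatch(r'\[\s*\]', m.group(1).strip()):
        return True
    return re.search(r'name\s*=\s*"(owner-id|owner-alias)"', body) is not None


def audit(hcl):
    """Return {label: severity} for aws_ami blocks with no owner constraint.
    'high': most_recent = true is also set, so the newest public image that
    matches the name filter wins. 'medium': owner-less lookup, but no
    automatic winner is chosen."""
    findings = {}
    for label, body in ami_blocks(hcl):
        if owners_specified(body):
            continue
        newest_wins = re.search(r'\bmost_recent\s*=\s*true\b', body) is not None
        findings[label] = "high" if newest_wins else "medium"
    return findings


# Constructed sample: one vulnerable block, one hardened, one with an empty
# owners list, one pinned through an owner-alias filter.
SAMPLE_HCL = '''
data "aws_ami" "app" {
  most_recent = true
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }
}

data "aws_ami" "app_fixed" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }
}

data "aws_ami" "app_empty_owners" {
  most_recent = true
  owners      = []
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }
}

data "aws_ami" "app_owner_filter" {
  filter {
    name   = "owner-alias"
    values = ["amazon"]
  }
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }
}
'''

if __name__ == "__main__":
    for label, severity in audit(SAMPLE_HCL).items():
        print(f'{severity:6} data "aws_ami" "{label}": no owner constraint')
```

On the sample it reports "app" and "app_empty_owners" as high; "app_fixed" (owners = ["amazon"]) and "app_owner_filter" (owner-alias filter) pass. An empty owners list is treated as no constraint, because that is how the provider behaves.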
Conclusion
The whoAMI attack highlights the importance of precise configuration in cloud security. By failing to specify ownership details when searching for AMIs, organizations can unintentionally deploy compromised virtual machines, giving attackers an entry point for remote code execution. AWS has responded with security updates, but it is up to users to implement best practices to safeguard their accounts.
As cloud environments become more complex, vigilance in infrastructure configuration remains crucial. Organizations should assess their AWS deployment practices to ensure they are not vulnerable to name confusion attacks like whoAMI. By taking proactive security measures, businesses can better protect their cloud resources from emerging threats.